CVE-2021-41785: Use After Free
First published: Mon Aug 29 2022(Updated: )
Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Foxit PDF Editor | >=11.0<11.1 | |
| Foxit PDF Reader | >=11.0<11.1 | |
| Foxit PhantomPDF | <10.1.6 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2021-41785.
What software versions are affected by this vulnerability?
Foxit PDF Reader versions before 11.1, PDF Editor versions before 11.1, and PhantomPDF versions before 10.1.6 are affected by this vulnerability.
How can attackers exploit this vulnerability?
Attackers can exploit this vulnerability by triggering a use-after-free and executing arbitrary code through mishandled JavaScript.
What is the severity level of this vulnerability?
The severity level of this vulnerability is high with a CVSS score of 7.8.
How can I fix this vulnerability?
To fix this vulnerability, update Foxit PDF Reader, PDF Editor, and PhantomPDF to version 11.1 or higher.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/event
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/tags
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/foxit
- canonical/foxit pdf editor
- version/foxit pdf editor/11.0
- canonical/foxit pdf reader
- version/foxit pdf reader/11.0
- canonical/foxit phantompdf
- vendor/microsoft
- canonical/microsoft windows